staticwebapp config: allow unsafe-eval and unsafe-inline in CSP #94
Conversation
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://polite-mushroom-00d947803-94.westeurope.1.azurestaticapps.net |
|
Ah, there was already #74 with a similar solution, sorry. |
|
@flyth I merged the other one following your comments. Do you think we can close this or is there anything we need to do? |
I think this would have given a slightly better rating because it still keeps the CSP for third party websites, but I don't think there's a big difference with the content we serve. /cc @sniok WDYT? |
|
Yeah having some CSP is better than nothing |
…line This adds the CSP back and also adds unsafe-eval and unsafe-inline which are needed for the search functionality and theme settings. Fixes #61
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://polite-mushroom-00d947803-94.westeurope.1.azurestaticapps.net |
flyth
force-pushed
the
michael/search
branch
from
7cb2b0b to
0abf831
Compare
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://polite-mushroom-00d947803-94.westeurope.1.azurestaticapps.net |
Currently the website complains that both unsafe-eval and unsafe-inline are not allowed by the Content Security Policy. However, it seems that the former is required for the search feature and the latter to be able to store the theme selection. The theme selection could be imported differently to prevent the need for unsafe-inline, but for the time being this should solve both issues.
Fixes #61